WordPress Security Threat: Old Versions Under Attack



There are reports that older versions of WordPress (the current version is 2.8.4) are exposed to security threats.

The Lorelle on WordPress blog gives two clues that your out-of-date WordPress blog is under attack:

1) Strange additions to permalinks, such as

example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

The keywords are “eval” and “base64_decode.”

2) The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
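Both clues can be checked mechanically. The following is an added example, not code from the original post or from WordPress: it scans access-log lines for the two keywords after URL-decoding the request path, and compares administrator accounts against a list you trust. The log lines, user names and the (login, role) export format are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Keywords the post names, matched as function calls so that ordinary
# words such as "evaluation" in a permalink are not flagged.
SUSPICIOUS = re.compile(r"(?:eval|base64_decode)\s*\(", re.IGNORECASE)
# Request part of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2009:15:58:01 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120',
    '198.51.100.23 - - [05/Sep/2009:15:58:09 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120',
    # Same request as logged when the client percent-encodes the parentheses.
    '198.51.100.23 - - [05/Sep/2009:15:58:12 +0000] "GET /category/post-title/%&(%7B$%7Beval%28base64_decode%28$_SERVER%5BHTTP_REFERER%5D%29%29%7D%7D|.+)&%/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Sep/2009:15:59:30 +0000] "GET /tag/evaluation/ HTTP/1.1" 200 2048',
]

# Constructed (login, role) pairs, as copied from the Users screen.
SAMPLE_USERS = [
    ("siteowner", "Administrator"),
    ("editor1", "Editor"),
    ("wpsupport2", "administrator"),
]

def suspicious_requests(log_lines):
    """Return the log lines whose decoded request path contains a keyword."""
    hits = []
    for line in log_lines:
        match = REQUEST.search(line)
        # unquote() leaves malformed escapes such as "%&" untouched.
        if match and SUSPICIOUS.search(unquote(match.group(1))):
            hits.append(line)
    return hits

def unexpected_admins(users, known_admins):
    """Return administrator logins that are not in the trusted set."""
    return sorted(login for login, role in users
                  if role.lower() == "administrator" and login not in known_admins)

if __name__ == "__main__":
    for line in suspicious_requests(SAMPLE_LOG):
        print("suspicious request:", line)
    for login in unexpected_admins(SAMPLE_USERS, {"siteowner"}):
        print("unrecognized administrator:", login)
```

A hit in the log means the request was made, not that it succeeded; the administrator check is what indicates a back door is already in place.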

To prevent this type of attack, you are advised to:

- Immediately update to the latest version of WordPress
- Change ALL passwords to strong passwords immediately, including those for WordPress blog access for all users, the database, FTP, control panels, everything.

WordPress is the biggest open source publishing platform. It now counts over 5,317,000 downloads.

via [Lorelle on WordPress]


3 Comments;

  1. Martin Kaba
    4:00 pm on September 5th, 2009

    #WordPress Security Threat: Old Versions Under Attack http://bit.ly/fD6Lx

  2. Upgrade to Keep WordPress Secure | Kabatology ~ Open Source, Linux
    1:25 pm on September 6th, 2009

    [...] WordPress Security Threat: Old Versions Under Attack [...]

  3. Upgrade to WordPress 2.8.5 | Kabatology ~ Open Source, Linux
    12:48 pm on October 21st, 2009

    [...] several security threats were found on older versions of WordPress, it’s rather obvious that the newly released WordPress 2.8.5 is security focused. Security [...]
